CompTIA PenTest+ Certification Exam v1.0 (PT0-001)

Total 139 questions

Which of the following excerpts would come from a corporate policy?

  • A. Employee passwords must contain a minimum of eight characters, with one being alphanumeric.
  • B. The help desk can be reached at 800-passwd1 to perform password resets.
  • C. Employees must use strong passwords for accessing corporate assets.
  • D. The corporate systems must store passwords using the MD5 hashing algorithm.


Answer : D

In which of the following scenarios would a tester perform a Kerberoasting attack?

  • A. The tester has compromised a Windows device and dumps the LSA secrets.
  • B. The tester needs to retrieve the SAM database and crack the password hashes.
  • C. The tester has compromised a limited-privilege user and needs to target other accounts for lateral movement.
  • D. The tester has compromised an account and needs to dump hashes and plaintext passwords from the system.


Answer : C

While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?

  • A. HKEY_CLASSES_ROOT
  • B. HKEY_LOCAL_MACHINE
  • C. HKEY_CURRENT_USER
  • D. HKEY_CURRENT_CONFIG


Answer : C

Reference:
https://www.redcanary.com/blog/windows-registry-attacks-threat-detection/

A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?

  • A. dsrm -users "DN=company.com; OU=hq CN=users"
  • B. dsuser -name -account -limit 3
  • C. dsquery user -inactive 3
  • D. dsquery -o -rdn -limit 21


Answer : D

Which of the following properties of the penetration testing engagement agreement will have the LARGEST impact on observing and testing production systems at their highest loads?

  • A. Creating a scope of the critical production systems
  • B. Setting a schedule of testing access times
  • C. Establishing a white-box testing engagement
  • D. Having management sign off on intrusive testing


Answer : B

HOTSPOT -
Instructions:
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
Hot Area:




Answer :

In a physical penetration testing scenario, the penetration tester obtains physical access to a laptop. The laptop is logged in but locked. Which of the following is a potential NEXT step to extract credentials from the device?

  • A. Brute force the user's password.
  • B. Perform an ARP spoofing attack.
  • C. Leverage the BeEF framework to capture credentials.
  • D. Conduct LLMNR/NETBIOS-ns poisoning.


Answer : A

A penetration tester is preparing to conduct API testing. Which of the following would be MOST helpful in preparing for this engagement?

  • A. Nikto
  • B. WAR
  • C. W3AF
  • D. Swagger


Answer : D

Reference:
https://blog.securelayer7.net/api-penetration-testing-with-owasp-2017-test-cases/

DRAG DROP -
Instructions:
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.
Select and Place:




Answer :

If a security consultant comes across a password hash that resembles the following: b117525b345470c29ca3d8ae0b556ba8
Which of the following formats is the correct hash type?

  • A. Kerberos
  • B. NetNTLMv1
  • C. NTLM
  • D. SHA-1


Answer : D

During an internal network penetration test, a tester recovers the NTLM password hash for a user known to have full administrator privileges on a number of target systems. Efforts to crack the hash and recover the plaintext password have been unsuccessful.
Which of the following would be the BEST target for continued exploitation efforts?

  • A. Operating system: Windows 7 Open ports: 23, 161
  • B. Operating system: Windows Server 2016 Open ports: 53, 5900
  • C. Operating system: Windows 8.1 Open ports: 445, 3389
  • D. Operating system: Windows 8 Open ports: 514, 3389


Answer : C

Which of the following would be the BEST for performing passive reconnaissance on a target's external domain?

  • A. Peach
  • B. CeWL
  • C. OpenVAS
  • D. Shodan


Answer : D

Reference:
https://www.securitysift.com/passive-reconnaissance/

A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report. Which of the following is the MOST likely reason for the reduced severity?

  • A. The client has applied a hot fix without updating the version.
  • B. The threat landscape has significantly changed.
  • C. The client has updated their codebase with new features.
  • D. There are currently no known exploits for this vulnerability.


Answer : A

An attacker uses SET to make a copy of a company's cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO's login credentials. Which of the following types of attacks is this an example of?

  • A. Elicitation attack
  • B. Impersonation attack
  • C. Spear phishing attack
  • D. Drive-by download attack


Answer : A

Reference:
https://www.social-engineer.org/framework/influencing-others/elicitation/

A penetration tester is scanning a network for SSH and has a list of provided targets. Which of the following Nmap commands should the tester use?

  • A. nmap -p 22 -iL targets
  • B. nmap -p 22 -sL targets
  • C. nmap -p 22 -oG targets
  • D. nmap -p 22 -oA targets


Answer : A
